<?php 

if(!isset($_POST['action'])){
	exit;
}

// Include config file
include_once('./common.php');

//handle what we are doing. either letting the user know they need to click to change the password or to actually change it
if($_POST['action'] == "resetPassword"){
	resetPassword();
}elseif($_POST['action'] == "verifyReset"){
	verifyReset();
}else{
	die("no action");
}

function resetPassword(){
	//make sure the email address is ok
	if(!checkEmail($_POST['email'])){
		echo "output=emailError";
		return;
	}
	
	//see if the email is in the database
	$link = dbConnect();
	$email = mysql_real_escape_string($_POST['email']);
	
	$result = mysql_query("SELECT userID, username FROM ".TABLE_PREFIX."_users WHERE email = '".$email."'");
	if(mysql_num_rows($result) == 0){
		//no email found, throw the error
		echo "output=emailNotFound";
		return;
	}
	
	//valid email, go ahead and make a temp password and send them an email
	$data = mysql_fetch_object($result);
	$userID = $data->userID;
	$username = $data->username;
	
	//create a temp password
	$tempPassword = getRandomCode();
	
	//put it in the database
	$result = mysql_query("UPDATE ".TABLE_PREFIX."_users SET tempPassword = '".$tempPassword."' WHERE userID=".$userID);
	
	if(!$result){
		echo "output=mysqlError&mysqlError=".mysql_error();
		mysql_close($link);
		return;
	}
	
	//send off the mail
	echo "output=success";
	mysql_close($link);
	
	//setup the message
	$installDir = $_POST['installDirectory'];
	$subject = stripslashes($_POST['subject']);
	$body = $_POST['message'];
	$boardName = $_POST['boardName'];
	$boardEmail = $_POST['boardEmail'];
	
	$mailMessage =  $username.",\n\n".$body."\n\n".$installDir."#/?reset_password=".$email."&key=".$tempPassword."\n\n";
	$mailMessage .=	$boardName."\n".$installDir;
	
	sendMail($email, $subject, $mailMessage, $boardName, $boardEmail);
}

function verifyReset(){
	
	//makes sure that the email and the temp key match up, if they do it sets the password to be that
	$link = dbConnect();
	$email = mysql_real_escape_string($_POST['email']);
	$tempPassword = mysql_real_escape_string($_POST['key']);
	
	$result = mysql_query("SELECT username FROM ".TABLE_PREFIX."_users WHERE email = '".$email."' AND tempPassword = '".$tempPassword."' LIMIT 1");
	
	if(!$result){
		echo "output=mysqlError&mysqlError=".mysql_error();
		mysql_close($link);
		return;
	}
	
	//make sure the email and key match
	if(mysql_num_rows($result) != 1){
		echo "output=keyMatchError";
		mysql_close($link);
		return;
	}
	
	//insert the temp password as the real password
	$data = mysql_fetch_object($result);
	$username = $data->username;
	$newPassword = md5($tempPassword);
	
	$result = mysql_query("UPDATE ".TABLE_PREFIX."_users SET password = '".$newPassword."', tempPassword = '' WHERE username='".$username."'");
	
	if(!$result){
		echo "output=mysqlError&mysqlError=".mysql_error();
		mysql_close($link);
		return;
	}
	
	//all good, let flash know of the new password as well so we can log them in
	echo "output=success&username=".$username."&password=".$newPassword;
}

function getRandomCode(){
	//define elements
	$LETTERS = array('A', 'B', 'C', 'E', 'G', 'H', 'J', 'K', 'M', 'P', 'Q', 'R', 'S', 'T', 'X', 'Y', 'Z');
	$NUMBERS = array('2', '3', '4', '5', '6', '7');
	$CODE_LENGTH = 10;
	
	$output = "";
	
	for($i = 1; $i <= $CODE_LENGTH; $i++){
		$rand = mt_rand(0,1);
		if($rand == 0){
			//get a random letter
			$output .= $LETTERS[mt_rand(0, count($LETTERS) - 1)];
		}else{
			//get a random number
			$output .= $NUMBERS[mt_rand(0, count($NUMBERS) - 1)];
		}
	}
	
	return $output;
}
?>